A proposed cybersecurity certification scheme (EUCS) for cloud services should not discriminate against Amazon, Alphabet’s Google, and Microsoft, 26 industry groups across Europe warned on Monday.
The European Commission, EU cybersecurity agency ENISA, and EU countries will meet on Tuesday to discuss the scheme, which has undergone several changes since ENISA unveiled a draft in 2020.
The EUCS aims to help governments and companies pick a secure and trusted vendor for their cloud computing business. The global cloud computing industry generates billions of euros in yearly revenue, with double-digit growth expected.
A March version scraped so-called sovereignty requirements from a previous proposal, which required U.S. tech giants to set up a joint venture or cooperate with an EU-based company to store and process customer data in the bloc in order to qualify for the highest level of the EU cybersecurity label.
“We believe that an inclusive and non-discriminatory EUCS that supports the free movement of cloud services in Europe will help our members prosper at home and abroad, contribute to Europe’s digital ambitions, and strengthen its resilience and security,” the groups said in a joint letter to EU countries.
“The removal of both ownership controls and Protection against Unlawful Access (PUA) and Immunity to Non-EU Law (INL) requirements ensures that cloud security improvements align with industry best practices and non-discriminatory principles,” they said.
The groups said it was crucial that their members have access to a diverse range of resilient cloud technologies tailored to their specific needs to thrive in an increasingly competitive global market.
Signatories to the letter include the American Chamber of Commerce to the EU in the Czech Republic, Estonia, Finland, Italy, Norway, Romania, and Spain, and the European Payment Institutions Federation.